Security zones are logical entities to which one or more interfaces are bound. they are used to divide the network into segments (distinguishing groups of hosts ) to which you can apply various security options to satisfy the needs of each segment.
At a minimum, you must define two security zones, basically to protect one area of the network from the other. by defining many security zones, you will bring finer granularity to your network security design
From the perspective of security policies, traffic enters into one security zone (indentified by source interface) and goes out on another security zone (indentified by destination interface after routing lookup) . This combination of a "from zone" and a "to zone" is defined as a context for security policies. Each context contains an ordered list of policies
Regards